.gov registrar problem

Mark Andrews marka at isc.org
Thu Dec 23 23:39:46 UTC 2010


In message <AANLkTinr979Bw_Cr8DCL-hvhdGdN4V_zpFx9Dc=cU7Lt at mail.gmail.com>, Andy
 Harrison writes:
> In case anyone else notices spotty problems resolving .gov names, I
> just sent the following message to registrar at dotgov.gov:
> 
> ----
> 
> I started investigating a dns issue after we received a few customer
> complaints regarding intermittent problems resolving hostnames under
> noaa.gov.  After some in-depth investigation, I believe I've
> identified the issue.
> 
> First, the query to see the list of authoritative name servers for .gov:
> 
>         # dig NS gov @c.root-servers.net
> 
>         ; <<>> DiG 9.6.1-P3 <<>> NS gov @c.root-servers.net
>         ;; global options: +cmd
>         ;; Got answer:
>         ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53495
>         ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 7, ADDITIONAL: 7
>         ;; WARNING: recursion requested but not available
> 
>         ;; QUESTION SECTION:
>         ;gov.                    IN      NS
> 
>         ;; AUTHORITY SECTION:
>         gov.                    172800  IN      NS      f.usadotgov.net.
>         gov.                    172800  IN      NS      a.usadotgov.net.
>         gov.                    172800  IN      NS      g.usadotgov.net.
>         gov.                    172800  IN      NS      b.usadotgov.net.
>         gov.                    172800  IN      NS      d.usadotgov.net.
>         gov.                    172800  IN      NS      e.usadotgov.net.
>         gov.                    172800  IN      NS      c.usadotgov.net.
> 
>         ;; ADDITIONAL SECTION:
>         a.usadotgov.net.        172800  IN      A 74.208.172.129
>         b.usadotgov.net.        172800  IN      A 206.204.217.151
>         c.usadotgov.net.        172800  IN      A 69.72.142.35
>         d.usadotgov.net.        172800  IN      A 204.168.112.71
>         e.usadotgov.net.        172800  IN      A 213.165.80.240
>         f.usadotgov.net.        172800  IN      A 66.207.175.172
>         g.usadotgov.net.        172800  IN      A 64.62.200.134
> 
>         ;; Query time: 9 msec
>         ;; SERVER: 192.33.4.12#53(192.33.4.12)
>         ;; WHEN: Thu Dec 23 17:37:59 2010
>         ;; MSG SIZE  rcvd: 258
> 
> The glue records show a.usadotgov.net with an ip of 74.208.172.129.
> 
> Next, using one of the authoritative name servers for usadotgov.net,
> we resolve the a.usadotgov.net name:
> 
>         # dig a.usadotgov.net @DNSSEC7.DATAMTN.COM
> 
>         ; <<>> DiG 9.6.1-P3 <<>> a.usadotgov.net @DNSSEC7.DATAMTN.COM
>         ;; global options: +cmd
>         ;; Got answer:
>         ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61276
>         ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 6, ADDITIONAL: 10
>         ;; WARNING: recursion requested but not available
> 
>         ;; QUESTION SECTION:
>         ;a.usadotgov.net.               IN  A
> 
>         ;; ANSWER SECTION:
>         a.usadotgov.net.        86400   IN      A       76.73.18.236
> 
> You can see that the ip address is incorrect for that hostname.  This
> is going to cause an issue where some responses for .gov addresses
> will come from a non-authoritative source and should be taken care of
> as soon as possible as this could potentially affect all .gov domains.

No, 76.73.18.236 is authoritative for gov as is 74.208.172.129.  It would
appear that a.usadotgov.net is being moved / re-hosted.  Discrepancies
such as this are normal when this is happening.

; <<>> DiG 9.6.0-APPLE-P2 <<>> soa gov +norec @76.73.18.236
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1312
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 7, ADDITIONAL: 0

;; QUESTION SECTION:
;gov.				IN	SOA

;; ANSWER SECTION:
gov.			259200	IN	SOA	A.USADOTGOV.NET. support.datamtn.com. 1293146225 3600 900 1814400 86400

;; AUTHORITY SECTION:
gov.			259200	IN	NS	F.USADOTGOV.NET.
gov.			259200	IN	NS	E.USADOTGOV.NET.
gov.			259200	IN	NS	A.USADOTGOV.NET.
gov.			259200	IN	NS	D.USADOTGOV.NET.
gov.			259200	IN	NS	G.USADOTGOV.NET.
gov.			259200	IN	NS	B.USADOTGOV.NET.
gov.			259200	IN	NS	C.USADOTGOV.NET.

;; Query time: 231 msec
;; SERVER: 76.73.18.236#53(76.73.18.236)
;; WHEN: Fri Dec 24 10:38:24 2010
;; MSG SIZE  rcvd: 201

Mark

> --
> Andy Harrison
> Lead Systems Engineer
> Metrocast Cablevision
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
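
The check used in the reply above (does every address seen for the name server answer for the zone with the aa flag set?) can be automated over saved dig output. This is an added example, not part of either message; the function names and the two samples marked as constructed are assumptions, while the remaining sample lines are trimmed from the output quoted in the thread.

```python
import re

# Trimmed from the dig output quoted in the thread.
REFERRAL = """\
;; ADDITIONAL SECTION:
a.usadotgov.net.        172800  IN      A 74.208.172.129
b.usadotgov.net.        172800  IN      A 206.204.217.151
"""
CHILD = """\
;; ANSWER SECTION:
a.usadotgov.net.        86400   IN      A       76.73.18.236
"""
SOA_NEW = ";; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 7, ADDITIONAL: 0\n"
# Constructed samples (not from the thread): the old address still answering
# authoritatively, and a server that does not hold the zone at all.
SOA_OLD = ";; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 7, ADDITIONAL: 0\n"
SOA_LAME = ";; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 0\n"

RR = re.compile(r"^(\S+)\s+\d+\s+IN\s+(\S+)\s+(.+)$")

def a_records(dig_text, owner):
    """Addresses of `owner` found in any section of a dig response."""
    found = set()
    for line in dig_text.splitlines():
        m = RR.match(line.strip())
        if m and not line.lstrip().startswith(";"):
            name, rtype, rdata = m.groups()
            if rtype.upper() == "A" and name.lower() == owner.lower():
                found.add(rdata.strip())
    return found

def answers_with_aa(dig_text):
    """True if the header flags of a `+norec` response include aa."""
    m = re.search(r"^;; flags:([^;]*);", dig_text, re.M)
    return bool(m) and "aa" in m.group(1).split()

def classify(owner, referral, child, soa_probes):
    """soa_probes maps ip -> dig output of `soa <zone> +norec @ip`."""
    glue, auth = a_records(referral, owner), a_records(child, owner)
    lame = sorted(ip for ip in glue | auth
                  if not answers_with_aa(soa_probes.get(ip, "")))
    if lame:
        return "lame", lame        # an advertised address does not serve the zone
    if glue == auth:
        return "consistent", []
    return "transition", []        # addresses differ, but every one is authoritative

def thread_case():
    probes = {"74.208.172.129": SOA_OLD, "76.73.18.236": SOA_NEW}
    return classify("a.usadotgov.net.", REFERRAL, CHILD, probes)
```

A "lame" result is the one worth escalating; "transition" matches the re-hosting situation described in the reply.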



